While the Oregon Health Authority says they, nor any state systems, were compromised, this did impact 1.7 million OHP members’ sensitive information like insurance ID numbers, diagnosis codes, claims data and social security numbers.
OHA says because this breach compromised health and insurance information, it required additional steps before going public, though affected members were notified shortly after the attack.
“There’s a regulatory compliance issue with here too, with HIPAA possibly, which might be why it took them a little bit longer to announce this particular compromise,” Ken Westin, a local cyber security expert, told KOIN 6.
Westin, who works as a senior information security officer for Panther Labs, says the original hack was of Progress MOVE-IT data software used by agencies around the world.
“I think every organization that actually has a software has to sort of now assume that they were compromised, and then work backwards to verify if it is, in fact, a compromise or not,” Westin said.
Since the initial DMV breach was announced, they’ve also learned more about the group behind the widespread attack, identified as CL0P.
“They’ve been pretty prolific over the years as a ransomware gang. They primarily work out of Russia and Eastern Europe. They really easily were targeting businesses, they’re going after ransomware, and they’re able to make quite a bit of money doing it. It’s a very lucrative business. And they’re able to operate in these countries where they can basically operate with impunity. There are no extradition laws,” Westin said. “So even though we may know who they are, who the actual individuals are, there’s no way for our law enforcement to catch them and stop them, and right now, in particular, they sort of feel a little more emboldened, particularly with sort of the state of geopolitics in the war.”
Westin says it’s also not out of the realm of possibility to see more high-profile data breaches down the line, adding that when you see a ransomware group making money, copycats are likely to follow.
The Oregon Health Authority says that potential victims should keep an eye out for more information sent in the mail from PH Tech — which is offering free identity theft protection.